DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Alternative to Telerik Removal

Sort:
You are not authorized to post a reply.
Page 1 of 212 > >>





New Around Here





    We have a site that uses many DNN Wrapped and direct use of Telerik Controls in our custom modules.  I was looking to remove Telerik based on the recommendations to do so.  But it would take finding ways to do similar things and recoding the modules.  We use lots of wrapped Numeric and Mased Text Boxes as well as TabStrip, Windows, Page Views, Loading panels, etc...  The modules currently have a short lifespan in the future and will no longer be used in say 6-9 months.

    So what I am wondering is if I purchase the Telerik controls directly and overlay the dlls, will the vulnerability be mitigated without having to redesign and recode modules that will be dead within the year?






    Veteran Member





      Posted By Joe Wolner on 17 Feb 2022 07:24 PM

      We have a site that uses many DNN Wrapped and direct use of Telerik Controls in our custom modules.  I was looking to remove Telerik based on the recommendations to do so.  But it would take finding ways to do similar things and recoding the modules.  We use lots of wrapped Numeric and Mased Text Boxes as well as TabStrip, Windows, Page Views, Loading panels, etc...  The modules currently have a short lifespan in the future and will no longer be used in say 6-9 months.

      So what I am wondering is if I purchase the Telerik controls directly and overlay the dlls, will the vulnerability be mitigated without having to redesign and recode modules that will be dead within the year?

      You could buy a Telerik license..?

       






      New Around Here










        Veteran Member





          Posted By Joe Wolner on 22 Feb 2022 02:22 PM
          Can't you? https://www.telerik.com/aspnet-mvc

          Whom do you mean by "you"?

          To explain it a bit: In 2009, DNN Corp. and Telerik signed an OEM agreement stating that Telerik's entire RAD Control suite was shipped with all editions of DNN. This contract ended in 2013 and the status of the delivered Telerik controls was "frozen" at that time - DNN Corp. received the source code with the right to fix bugs and security-related problems, but not to further develop the suite or use new versions. Then DNN went back to the community, unpaid and voluntary developers who brought and bring DNN forward. But these security issues continued to escalate, and it took more and more effort from the developer community to fix them.

          On the other hand, many DNN components were (and are) dependent on this library, so removing them step by step from DNN is like open-heart surgery. Thanks to the joint effort of everyone, version 9.8.0 had succeeded in removing these from a DNN installation, and provided the extensions that do not require the library.

          This has been a strategic decision. We all must understand that people who work hard and for free are not willing to pay for an extra-expensive license. The decision is to only use open source, free tools in the delivered DNN package.

          So if you need Telerik, you have to buy it yourself.

          Happy DNNing!
          Michael

          PS. Even during the agreement with Telerik, third party developers were NOT allowed to use the Telerik components in their products, only wrapper functions provided by the DNN core - or buy a license. What you call "[...]direct use of Telerik Controls in our custom modules [...]" is exactly this scenario.

           

          Michael Tobisch
          DNN★MVP

          dnnWerk Austria
          DNN Connect





          New Around Here





            We use both DNN wrapped Telerik functions and some direct use of Telerik.

            What I am trying to iron out is "IF" it is possible to mitigate the Telerik vulnerabilities(both wrapped and direct) by an organization(not a module developer but an end user) by purchasing Telerik and replacing the Telerik.*.DLL files in the bin folder.

            We are looking at short term use(6-9 months).

            What we would like is a secure site and if there is an easy and quick(although possibly expensive) alternative to removal we would prefer that route vs recoding custom modules that will no longer be used in less than a year.

            After those modules were removed we would fully expunge Telerik from our site.





            Veteran Member





              Joe,

              that means you have a Telerik license? I have never tried it, but this should be the way to go. I would try it in a testing environment / copy of the website and database, and when it works fine go to production.

              But hopefully there is someone around here who has some experience with that...

              Happy DNNing!
              Michael

              Michael Tobisch
              DNN★MVP

              dnnWerk Austria
              DNN Connect





              New Around Here





                I have been using my own Teelrik license for years. Copy the dlls to the ddl folder. Change the version number in the web.config and it works. Just be careful not to copy the old Telerik version with new DNN updates.





                New Around Here





                  Here is something I did not expect, Telerik will(and did) supply version 2020.1.114 to protect against CVE-2019-18935.

                  I put in a forum thread at Telerik and they changed it to a ticket and provided a licensed file!

                  If I put in the new dlls from Telerik will the deprecated DNN wrapped controls use it automatically? Or will I need to change any DNN wrapped controls to use Telerik controls(which isn't a big deal to do)?





                  New Around Here





                    Han,

                    We are considering purchasing a telerik license to develop DNN modules for a web application we are building.  We are currently on DNN 9.11

                    For web development they have several options such as Telerik UI for ASP.NET AJAX, Telerik UI for ASP.NET MVC, Telerik UI for ASP.NET Core, Telerik UI for Blazor, etc.

                    Which one do you use?

                    Tom Wood





                    Veteran Member





                      FYI, I don't personally really hear of people in the DNN community using Telerik much these days.  Most of us are writing true SPA implementations using either React, Angular, or Vue.  Back in the day, doing that was far more difficult than it is today.  🙂 

                      However, just looking at the titles, you probably need to choose the edition for ASP.NET AJAX.  Also, you'll want to follow the full instructions for removing telerik from DNN before starting, unless you've already done that.  Otherwise, you're going to keep running into issues.  

                      You are not authorized to post a reply.
                      Page 1 of 212 > >>

                      These Forums are dedicated to the discussion of DNN Platform.

                      For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                      1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                      2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                      3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                      4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                      5. No Flaming or Trolling.
                      6. No Profanity, Racism, or Prejudice.
                      7. Site Moderators have the final word on approving / removing a thread or post or comment.
                      8. English language posting only, please.

                      Would you like to help us?

                      Awesome! Simply post in the forums using the link below and we'll get you started.

                      Get Involved